Mosquitto

An Open Source MQTT v3.1/v3.1.1 Broker

Archive for 'Uncategorized'

Security

Fix CVE-2017-9868. The persistence file was readable by all local users,
potentially allowing sensitive information to be leaked.
This can also be fixed administratively, by restricting access to the
directory in which the persistence file is stored.

Clients

I have taken a bit of a break from Mosquitto for the past few months, partly because I needed a break but also to work on another unrelated project. I’m now back and working on Mosquitto again, primarily implementing support for the upcoming MQTT v5 spec which has added even more features since I mentioned last wrote about it. Once that is in a state that is reasonably compliant if incomplete, I will be looking for testers.

There are a few fixes in the repository waiting for release, I anticipate releasing 1.4.11 before the end of the year.

There have been some changes to test.mosquitto.org. On its original host I was seeing lots of bandwidth being used by lots of clients, but in particular lots and lots of tiny connections being made which not showing up on my bandwidth monitoring, but were consuming bandwidth and causing problems at my provider. My provider got in touch to say that at times approximately half of the network flows for their network were related to test.mosquitto.org, and could would I please have a chat with the transit provider to discuss how best to manage this service. In the face of that and the risk of exceeding 2TB bandwidth usage per month, test.mosquitto.org has been moved to a lower spec host with smaller pipes and “automatic DDOS protection”. This means I now get half a dozen emails per day to say that test.mosquitto.org is under attack. If you find you can’t connect to test.mosquitto.org, it might be because you have been blocked by this DDOS protection – if so, maybe think about how you are using the service.

The final thought for this post – if you are part of a company that uses mosquitto and it adds value to your company, please consider making a donation to the project that reflects that value. If it is difficult for your company to make donations but you would still like to contribute back, please get in touch and maybe we can arrange something.

The MQTT Technical Committee at OASIS continue to work on improvements to MQTT. The next version looks set to be MQTT version 5 and has reached the “working draft” stage. This post lists some of the changes that are in the working draft 02 and so gives at least a flavour of the improvements coming up. Take this with a pinch of salt, I may have missed some changes and there is no commitment that any of these features will remain in the final specification as they are described here.

Session management

In MQTT v3.1.1 and earlier, a client could control how the server treats its session with the clean session flag. If set to 1, the server would delete any existing session for that client and would not persist the session after disconnecting. If set to 0, the server would restore any existing session for a client when it reconnected, and persist the session when the client disconnected.

A session here means the subscriptions for a client and any queued messages.

The new spec changes this behaviour. The clean session flag has been renamed to clean start (this was actually the name of the flag in the old MQTT v3 spec) and now only affects how the broker handles a client session when the client connects. If set to 1, the server discards any previous session information, otherwise session information is kept.

To deal with removing of sessions at any other time, a new identifier/value pair has been introduced. These identifier/value pairs are an addition to the variable header part of some MQTT packets and allow configuring of different behaviour. In the case of the CONNECT packet, a Session Expiry interval can be specified which is a 4 byte integer that gives the number of seconds after a client has disconnected that the server should remove session information for that client. If the Session Expiry interval is absent from the CONNECT packet, then the session will never expire. If it is set to 0, then the session is removed as soon as the client disconnects.

The new clean start flag and session expiry interval allow the existing clean session behaviour to be duplicated but also allow client sessions to be expired based on time.

Updated Connect Return codes

The return codes passed to the client in a CONNACK packet have been expanded to include:

6: Connection Refused, reason unspecified

7: Connection Refused, implementation specific

8: Connection Refused, CONNECT packet was malformed

Repeated topics when publishing

When publishing data to a single topic, a new feature will help reduce bandwidth use. A client or server can set the topic in a PUBLISH message to be a zero length string. This tells the client/server being published to, to use the previous topic instead. This goes some way to reducing the current overhead associated with publishing – a shame it isn’t quite as good as the registered topics available in MQTT-SN.

Payload Format Indicator

Another identifier/value pair is available for use when sending a PUBLISH message. This is the Payload Format indicator. If present and set to 1, this indicates that the PUBLISH payload is UTF-8 encoded data. If set to 0, or if the indicator is not present then the payload is an unspecified byte format, exactly as with MQTT v3.1.1.

Publication Expiry interval

This is an identifier/value pair for use when publishing. If present, this value is a 4 byte integer which gives the number of seconds for which the server will attempt to deliver this message to a subscriber. This means that an offline client with messages being queued may not receive all of the messages when it reconnects, due to some of them expiring. Interestingly, when the server does deliver a message that had a Publication Expiry set, it sets the Publication Expiry on the outgoing message to the client but with the amount of time that there is left until the message expires. This means that the true time to expiry will propagate through bridges or similar.

Publish Return Codes

The PUBACK and PUBREC packets have a new entry in their variable header which is the Publish Return Code. This can be used to tell the client a message has been refused for various reasons, accepted, or accepted with no matching subscribers. For the PUBREC packet, if the message is refused or accepted with no matching subscribers then there is no expectation for the PUBREL/PUBCOMP messages to be sent for that message.

The PUBCOMP packet also has a similar entry which has the same set of return codes and an additional one for the case when a message had expired. This is for the case when a client reconnects with clean start set to 0 and it has a QoS 2 message part way through its handshake, but the server has already expired the message.

There is still no way to tell a client that its QoS 0 message was refused.

Disconnect notification

In MQTT v3.1.1 and before, only the client sends a DISCONNECT packet. In the draft spec, either the client or the server can send DISCONNECT and it is used to indicate a reason for disconnection. The disconnect return codes are:

0: Connection disconnected by application (sent by client)

1: Server temporarily unavailable (server)

2: Server unavailable (server)

3: Malformed UNSUBSCRIBE packet received (server)

4: Session taken over (server – for when another client connects with the same ID)

5: Malformed packet received

It is clear that there is some duplication there, so I think this is a likely place that changes will be made.

Disconnect expiry notification

The DISCONNECT packet can also include a Session Expiry interval value, as with CONNECT. This allows a client to clean up when it disconnects, or to set a long expiry time, even if these were not specified at the initial connect.

If you would like to obtain some stickers for yourself you have two options.

The first is to get in touch and I’ll send you some for a small contribution. This contribution is to cover the cost of the stickers plus postage: (cost of postage)+N*£0.45, where N is the number of sheets of 6 stickers that you want. Cost of postage for a letter can be calculated using the Royal Mail price finder, but should be £1.05 for destinations outside of the UK. Please also consider Paypal fees using a fees calculator to calculate the final sum. So for a single sheet of stickers posted internationally, the cost would be £1.76 including paypal fees. Two sheets would be £2.23.

The second option is to buy a full sticker book through moo.com. This can be done very easily by navigating to http://mosquitto.org/stickers/ This allows you to easily order a sticker book of 90 stickers with either the colour or blue monochrome stickers, or a mix of both.

There is a third option – get in touch to say why you deserve some stickers and maybe we’ll send you some. We’re looking for things that make us say “wow!” If you will be sending your sticker to space, getting mosquitto on television or using MQTT in your Formula 1 technology, these are all things that would exciting to see with a mosquitto sticker in place. If you want to give out stickers at a local IoT related event or similar that’s great, but we’d ask that you make a small donation. It’s only a small cost for you, but there are many people in your situation and it becomes a noticeable cost for the project.

The first round of the logo contest has closed and we now need to shortlist 6 designers. A selection of 20 logos have been chosen out of the 100 entrants and you are invited to vote on them and make comments. If you like a particular logo but not the colour, or like an idea behind the logo but not another element then please say so.

Bug reports should also be made on github and the existing bug reports will be migrated over shortly.

The documentation still needs updating with the new location and processes, so please do be patient with regards that.

Contributions can now be made through a github pull request. If you want to contribute a bug fix, please base your work off the “fixes” branch, if you are developing a new feature please use the “develop” branch.

This is a security bugfix release. Any users of the “mount_point” feature are strongly advised to upgrade because versions prior to 1.4.8 allow clients to inject messages outside of their mount_point through the use of a Will.

Broker

Wills published by clients connected to a listener with mount_point defined
now correctly obey the mount point. This was a potential security risk
because it allowed clients to publish messages outside of their restricted
mount point. This is only affects brokers where the mount_point option is in
use. Closes #487178.